[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd
[ 16.489115] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 22.444478] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.831981] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.517504] random: sshd: uninitialized urandom read (32 bytes read)
[ 31.863093] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts.
[ 37.376768] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 37.458979] BUG: sleeping function called from invalid context at arch/x86/mm/fault.c:1340
[ 37.467453] in_atomic(): 0, irqs_disabled(): 1, pid: 4465, name: syz-executor885
[ 37.474979] INFO: lockdep is turned off.
[ 37.479037] irq event stamp: 0
[ 37.482219] hardirqs last enabled at (0): [<0000000000000000>] (null)
[ 37.489831] hardirqs last disabled at (0): [] copy_process.part.41+0x18cb/0x7340
[ 37.498962] softirqs last enabled at (0): [] copy_process.part.41+0x196c/0x7340
[ 37.511209] softirqs last disabled at (0): [<0000000000000000>] (null)
[ 37.518758] CPU: 0 PID: 4465 Comm: syz-executor885 Not tainted 4.18.0-rc4-next-20180710+ #3
[ 37.527325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.536747] Call Trace:
[ 37.539338] dump_stack+0x1c9/0x2b4
[ 37.542958] ? dump_stack_print_info.cold.2+0x52/0x52
[ 37.548327] ___might_sleep.cold.86+0x11f/0x13a
[ 37.552977] ? check_same_owner+0x340/0x340
[ 37.557282] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.562887] ? trace_9p_protocol_dump+0xbe/0x3a0
[ 37.567809] __might_sleep+0x95/0x190
[ 37.571592] __do_page_fault+0x3b6/0xe50
[ 37.575801] ? mm_fault_error+0x380/0x380
[ 37.580122] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 37.585638] ? p9pdu_readf+0xb78/0x2170
[ 37.589607] do_page_fault+0xf6/0x8c0
[ 37.593585] ? p9pdu_writef+0xe0/0xe0
[ 37.597367] ? vmalloc_sync_all+0x30/0x30
[ 37.601496] ? ksys_dup3+0x690/0x690
[ 37.605734] ? check_same_owner+0x340/0x340
[ 37.610053] ? p9_fd_poll+0x2b0/0x2b0
[ 37.613841] ? kasan_kmalloc+0xc4/0xe0
[ 37.617731] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.622575] page_fault+0x1e/0x30
[ 37.626023] RIP: 0010:kfree+0xb2/0x260
[ 37.629884] Code: 48 89 df 48 b8 00 00 00 00 00 ea ff ff 48 c1 ea 0c 48 c1 e2 06 48 01 c2 48 8b 42 08 a8 01 48 8d 48 ff 48 0f 45 d1 4c 8b 6a 18 <49> 63 75 74 e8 e5 be a3 ff 49 63 75 74 48 89 df e8 79 83 a9 01 4c
[ 37.649014] RSP: 0018:ffff8801ac8a75d0 EFLAGS: 00010046
[ 37.654377] RAX: ffffea000022f848 RBX: ffffffff88be17dc RCX: ffffea000022f847
[ 37.661631] RDX: ffffea000022f840 RSI: ffffffff876ff2e9 RDI: ffffffff88be17dc
[ 37.668894] RBP: ffff8801ac8a75f0 R08: ffff8801af3106c0 R09: ffffed0035914df8
[ 37.676146] R10: ffffed0035902a1b R11: 0000000000000001 R12: 0000000000000282
[ 37.683398] R13: 0000000000000000 R14: ffff8801ac8a7740 R15: ffff8801acf98380
[ 37.690660] ? p9_client_create+0xf09/0x16c9
[ 37.695059] p9_client_create+0xf43/0x16c9
[ 37.699285] ? p9_client_read+0xc60/0xc60
[ 37.703424] ? lock_acquire+0x1e4/0x540
[ 37.707389] ? lock_acquire+0x1e4/0x540
[ 37.711364] ? fs_reclaim_acquire+0x20/0x20
[ 37.715670] ? lock_release+0xa30/0xa30
[ 37.719635] ? __lockdep_init_map+0x105/0x590
[ 37.724119] ? kasan_check_write+0x14/0x20
[ 37.728348] ? __init_rwsem+0x1cc/0x2a0
[ 37.732316] ? do_raw_write_unlock.cold.8+0x49/0x49
[ 37.737316] ? __kmalloc_track_caller+0x311/0x760
[ 37.742146] ? save_stack+0xa9/0xd0
[ 37.745770] ? save_stack+0x43/0xd0
[ 37.749379] ? kasan_kmalloc+0xc4/0xe0
[ 37.753246] ? kmem_cache_alloc_trace+0x152/0x780
[ 37.758065] ? memcpy+0x45/0x50
[ 37.761326] v9fs_session_init+0x21a/0x1a80
[ 37.765626] ? rcu_note_context_switch+0x730/0x730
[ 37.770535] ? do_mount+0x69e/0x1fb0
[ 37.774243] ? lock_acquire+0x1e4/0x540
[ 37.778198] ? v9fs_show_options+0x7e0/0x7e0
[ 37.782587] ? lock_release+0xa30/0xa30
[ 37.786541] ? check_same_owner+0x340/0x340
[ 37.790860] ? lock_downgrade+0x8f0/0x8f0
[ 37.794993] ? kasan_unpoison_shadow+0x35/0x50
[ 37.799570] ? kasan_kmalloc+0xc4/0xe0
[ 37.803444] ? kmem_cache_alloc_trace+0x318/0x780
[ 37.808269] ? kasan_unpoison_shadow+0x35/0x50
[ 37.812835] ? kasan_kmalloc+0xc4/0xe0
[ 37.816705] v9fs_mount+0x7c/0x900
[ 37.820226] ? v9fs_drop_inode+0x150/0x150
[ 37.824442] legacy_get_tree+0x118/0x440
[ 37.828486] vfs_get_tree+0x1cb/0x5c0
[ 37.832267] do_mount+0x6c1/0x1fb0
[ 37.835790] ? check_same_owner+0x340/0x340
[ 37.840094] ? lock_release+0xa30/0xa30
[ 37.844051] ? copy_mount_string+0x40/0x40
[ 37.848272] ? kasan_kmalloc+0xc4/0xe0
[ 37.852150] ? kmem_cache_alloc_trace+0x318/0x780
[ 37.856994] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 37.862510] ? _copy_from_user+0xdf/0x150
[ 37.866641] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.872172] ? copy_mount_options+0x285/0x380
[ 37.876653] ksys_mount+0x12d/0x140
[ 37.880266] __x64_sys_mount+0xbe/0x150
[ 37.884223] do_syscall_64+0x1b9/0x820
[ 37.888092] ? syscall_return_slowpath+0x5e0/0x5e0
[ 37.893003] ? syscall_return_slowpath+0x31d/0x5e0
[ 37.897914] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 37.902911] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.908432] ? prepare_exit_to_usermode+0x291/0x3b0
[ 37.913432] ? perf_trace_sys_enter+0xb10/0xb10
[ 37.918096] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.922933] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.928103] RIP: 0033:0x4401d9
[ 37.931269] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 37.950401] RSP: 002b:00007ffcf98da5c8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 37.958096] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401d9
[ 37.965354] RDX: 00000000200002c0 RSI: 00000000200001c0 RDI: 0000000000000000
[ 37.972620] RBP: 00000000006ca018 R08: 00000000200003c0 R09: 00000000004002c8
[ 37.979879] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000401a60
[ 37.987135] R13: 0000000000401af0 R14: 0000000000000000 R15: 0000000000000000
[ 37.994956] BUG: unable to handle kernel NULL pointer dereference at 0000000000000074
[ 38.002905] PGD 1b32e1067 P4D 1b32e1067 PUD 1ba072067 PMD 0
[ 38.008704] Oops: 0000 [#1] SMP KASAN
[ 38.012486] CPU: 0 PID: 4465 Comm: syz-executor885 Tainted: G W 4.18.0-rc4-next-20180710+ #3
[ 38.022353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.031717] RIP: 0010:kfree+0xb2/0x260
[ 38.035586] Code: 48 89 df 48 b8 00 00 00 00 00 ea ff ff 48 c1 ea 0c 48 c1 e2 06 48 01 c2 48 8b 42 08 a8 01 48 8d 48 ff 48 0f 45 d1 4c 8b 6a 18 <49> 63 75 74 e8 e5 be a3 ff 49 63 75 74 48 89 df e8 79 83 a9 01 4c
[ 38.054704] RSP: 0018:ffff8801ac8a75d0 EFLAGS: 00010046
[ 38.060064] RAX: ffffea000022f848 RBX: ffffffff88be17dc RCX: ffffea000022f847
[ 38.067323] RDX: ffffea000022f840 RSI: ffffffff876ff2e9 RDI: ffffffff88be17dc
[ 38.074586] RBP: ffff8801ac8a75f0 R08: ffff8801af3106c0 R09: ffffed0035914df8
[ 38.081844] R10: ffffed0035902a1b R11: 0000000000000001 R12: 0000000000000282
[ 38.089108] R13: 0000000000000000 R14: ffff8801ac8a7740 R15: ffff8801acf98380
[ 38.096374] FS: 0000000002408880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 38.104702] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 38.110567] CR2: 0000000000000074 CR3: 00000001cfe84000 CR4: 00000000001406f0
[ 38.117825] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 38.125085] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 38.132343] Call Trace:
[ 38.134928] p9_client_create+0xf43/0x16c9
[ 38.139145] ? p9_client_read+0xc60/0xc60
[ 38.143277] ? lock_acquire+0x1e4/0x540
[ 38.147235] ? lock_acquire+0x1e4/0x540
[ 38.151196] ? fs_reclaim_acquire+0x20/0x20
[ 38.155525] ? lock_release+0xa30/0xa30
[ 38.159481] ? __lockdep_init_map+0x105/0x590
[ 38.163957] ? kasan_check_write+0x14/0x20
[ 38.168171] ? __init_rwsem+0x1cc/0x2a0
[ 38.172127] ? do_raw_write_unlock.cold.8+0x49/0x49
[ 38.177124] ? __kmalloc_track_caller+0x311/0x760
[ 38.181950] ? save_stack+0xa9/0xd0
[ 38.185557] ? save_stack+0x43/0xd0
[ 38.189163] ? kasan_kmalloc+0xc4/0xe0
[ 38.193042] ? kmem_cache_alloc_trace+0x152/0x780
[ 38.198362] ? memcpy+0x45/0x50
[ 38.201625] v9fs_session_init+0x21a/0x1a80
[ 38.205947] ? rcu_note_context_switch+0x730/0x730
[ 38.210868] ? do_mount+0x69e/0x1fb0
[ 38.214570] ? lock_acquire+0x1e4/0x540
[ 38.218526] ? v9fs_show_options+0x7e0/0x7e0
[ 38.222917] ? lock_release+0xa30/0xa30
[ 38.226887] ? check_same_owner+0x340/0x340
[ 38.231205] ? lock_downgrade+0x8f0/0x8f0
[ 38.235337] ? kasan_unpoison_shadow+0x35/0x50
[ 38.239899] ? kasan_kmalloc+0xc4/0xe0
[ 38.243765] ? kmem_cache_alloc_trace+0x318/0x780
[ 38.248588] ? kasan_unpoison_shadow+0x35/0x50
[ 38.253164] ? kasan_kmalloc+0xc4/0xe0
[ 38.257032] v9fs_mount+0x7c/0x900
[ 38.260569] ? v9fs_drop_inode+0x150/0x150
[ 38.264785] legacy_get_tree+0x118/0x440
[ 38.268835] vfs_get_tree+0x1cb/0x5c0
[ 38.272619] do_mount+0x6c1/0x1fb0
[ 38.276139] ? check_same_owner+0x340/0x340
[ 38.280456] ? lock_release+0xa30/0xa30
[ 38.284415] ? copy_mount_string+0x40/0x40
[ 38.288635] ? kasan_kmalloc+0xc4/0xe0
[ 38.292513] ? kmem_cache_alloc_trace+0x318/0x780
[ 38.297342] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 38.302873] ? _copy_from_user+0xdf/0x150
[ 38.307005] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.312531] ? copy_mount_options+0x285/0x380
[ 38.317018] ksys_mount+0x12d/0x140
[ 38.320629] __x64_sys_mount+0xbe/0x150
[ 38.324595] do_syscall_64+0x1b9/0x820
[ 38.328479] ? syscall_return_slowpath+0x5e0/0x5e0
[ 38.333395] ? syscall_return_slowpath+0x31d/0x5e0
[ 38.338317] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 38.343316] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.348833] ? prepare_exit_to_usermode+0x291/0x3b0
[ 38.353832] ? perf_trace_sys_enter+0xb10/0xb10
[ 38.358659] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 38.363484] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.368656] RIP: 0033:0x4401d9
[ 38.372098] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 38.391220] RSP: 002b:00007ffcf98da5c8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 38.398910] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401d9
[ 38.406172] RDX: 00000000200002c0 RSI: 00000000200001c0 RDI: 0000000000000000
[ 38.413433] RBP: 00000000006ca018 R08: 00000000200003c0 R09: 00000000004002c8
[ 38.420885] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000401a60
[ 38.428139] R13: 0000000000401af0 R14: 0000000000000000 R15: 0000000000000000
[ 38.435393] Modules linked in:
[ 38.438569] Dumping ftrace buffer:
[ 38.442085] (ftrace buffer empty)
[ 38.445791] CR2: 0000000000000074
[ 38.449228] ---[ end trace 2c25e18c27daec6b ]---
[ 38.453973] RIP: 0010:kfree+0xb2/0x260
[ 38.457851] Code: 48 89 df 48 b8 00 00 00 00 00 ea ff ff 48 c1 ea 0c 48 c1 e2 06 48 01 c2 48 8b 42 08 a8 01 48 8d 48 ff 48 0f 45 d1 4c 8b 6a 18 <49> 63 75 74 e8 e5 be a3 ff 49 63 75 74 48 89 df e8 79 83 a9 01 4c
[ 38.476974] RSP: 0018:ffff8801ac8a75d0 EFLAGS: 00010046
[ 38.482337] RAX: ffffea000022f848 RBX: ffffffff88be17dc RCX: ffffea000022f847
[ 38.489599] RDX: ffffea000022f840 RSI: ffffffff876ff2e9 RDI: ffffffff88be17dc
[ 38.496850] RBP: ffff8801ac8a75f0 R08: ffff8801af3106c0 R09: ffffed0035914df8
[ 38.504099] R10: ffffed0035902a1b R11: 0000000000000001 R12: 0000000000000282
[ 38.511350] R13: 0000000000000000 R14: ffff8801ac8a7740 R15: ffff8801acf98380
[ 38.518609] FS: 0000000002408880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 38.526816] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 38.532679] CR2: 0000000000000074 CR3: 00000001cfe84000 CR4: 00000000001406f0
[ 38.539932] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 38.547186] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 38.554456] Kernel panic - not syncing: Fatal exception
[ 38.560195] Dumping ftrace buffer:
[ 38.563737] (ftrace buffer empty)
[ 38.567442] Kernel Offset: disabled
[ 38.571057] Rebooting in 86400 seconds..